What is the proper way to set up the Apache document root in terms of privileges?

Question

I have just installed Ubuntu 9.10 server edition on my machine and I wish to run my own personal local server with other users in the same LAN.

First, I was wondering what folder directory structure is best for the web root?

Should I just use:

/var/www/

and start throwing web documents there or should I create a folder elsewhere (maybe the home directory)?

Second, in the

/var/www/

directory only the root user can create documents in there, however, I wish to have other users be able to create files in the document root and upload them via FTP. Should I change the permissions or the www/ folder? Or again, should I create the document root elsewhere with different permissions? What is the safest way of doing this?

score 2 · Accepted Answer · answered Apr 26 '10 at 03:11

2

I disagree with Warner here, for a single site use /var/www, but for anything more complex I create subdirs in /srv/www

From your question the rough guide is:

aptitude install apache2
chmod g+w /var/www
adduser USER www-data (For each user)

Then have the users use SCP (please don't use FTP) to upload the files. If they want a GUI client then look at FileZilla.

answered Apr 26 '10 at 03:11

LapTop006

6,466
19
26

This sounds simpler for my needs right now. I think I'll take this approach. – user41157 Apr 26 '10 at 17:25

Warner · Answer 2 · 2010-04-26T01:46:58.337

Typically for servers serving only a few large sites dedicated in role, such as in a professional IT environment, they would be contained within /var/www.

I would create subdirectories for each separate site. For example:

/var/www/example.com
/var/www/testing.com
/var/www/anotherexample.com

What you are describing sounds more akin to a shared hosting environment. With a shared server, I would typically configure each user's Web sites within their home directories within public_html. If they had multiple domains, I would follow a similar convention as above but within this directory. I would also separate the ErrorLog and CustomLog within their home directory but outside of the Web tree.

SuExec and and mod_suphp would also be advised to prevent users' data being exposed to other users on the system and to limit scope of any users' Web sites being vulnerable.

If the users did not have domains, you could use subdomains within a primary domain or mod_userdir.

If you would rather not take the more organized approach, I would suggest using sub-directories, groups, and the SGID bit within /var/www. Nevertheless, that would not be the ideal approach in almost all situations.

Thanks for answering my question also, you gave me a lot of things to think about. I will read up shared hosting environments here. — user41157, Apr 26 '10 at 17:26

What is the proper way to set up the Apache document root in terms of privileges?

2 Answers2

Linked